Create a vpn Server for a single network adapter in ubuntu

There are many methods for setting up a vpn Server on ubuntu with a single Nic, including PPTP, L2TP/IPSec, and OpenVPN. Among the three methods, the latter two have better security, but the configuration is troublesome. OpenVPN also requires additional clients on the Windows/Mac platform. Although the L2TP/IPSec method is better, after I configure it, although Windows and Linux users have no problems, Mac/iPhone cannot be connected, PPTP is the easiest way to configure the three, and it is very convenient to use because the corresponding clients are built in Windows/Mac systems. The server environment is a single Nic eth0. The required software package for building pptp server in Ubuntu is pptpd. You can use apt-get to install sudo apt-get pptpd.
The system automatically resolves the dependency. After the dependency is installed, you need to set the dependency. First, edit/etc/pptpd. conf sudo nano/etc/pptpd. conf to remove the comments of the localip and remoteip parameters at the end of the file, and modify them accordingly. Here, localip is the ip address of the server after VPN connection, while remoteip is the client's allocable ip address. Localip 10.100.0.1 www.2cto.com remoteip 10.100.0.2-10 after editing this file, we need to edit the/etc/ppp/pptpd-options file, or use nano to edit the file. The command will not be written here. Here, the vast majority of parameters only need to maintain the original default value. We only need to change the ms-dns option and assign the DNS server address to the VPN Client:
Ms-dns 202.113.16.10 ms-dns 208.67.222.222 modify the/etc/ppp/chap-secrets file, which contains the VPN user name and password. You can enter the password based on your actual situation. As shown in the comments in the file, the first column is the user name, and the second column is the server name (by default, pptpd is used. If you have changed the name in the pptpd-options file, note that it is consistent here ), the third column is the password, and the fourth column is the IP address restriction (do not limit writing ). After all the operations are completed, we need to restart the pptpd service to make the new configuration take effect: sudo/etc/init. d/pptpd restart: Find a Windows computer, create a VPN link, enter the Server IP address (or domain name), and enter the user name and password as set, the field is empty (if you set it in pptpd-options, it will be consistent here), just click the link. Under normal circumstances, you should be able to establish a VPN connection with the server.
After the connection is established, you will find that in addition to the resources on the server, other internal and external content and Internet content cannot be accessed. If you need to access the content, we need to further set: first, enable ipv4 forward. The method is to modify/etc/sysctl. conf, find the rows similar to the following, and cancel their comments: net. ipv4.ip _ forward = 1 and then make the new configuration take effect: sudo sysctl-p
Sometimes, after this setting, the client machine can access the Internet (I can perform this operation on the virtual machine ). But I still cannot access the network after performing this operation on the lab server, so we need to create a NAT. Here we use powerful iptables to create NAT. First, install iptables: sudo apt-get intall iptables www.2cto.com and add a rule to the nat table: sudo iptables-t nat-a postrouting-s 10.100.0.0/24-o eth0-j MASQUERADE, the client machine should be able to access the Internet. However, in this case, the iptables rule will be cleared at the next restart, so we also need to save it by using the iptables-save command:
Sudo iptables-save>/etc/iptables-rules, modify the/etc/network/interfaces file, find eth0, and add the following sentence at the end of eth0 settings: pre-up iptables-restore </etc/iptables-rules: When the eth0 of the NIC is loaded, it is automatically loaded to the configuration saved with iptables-save in advance. At this point, a VPN Server/Gateway is basically set up. Of course, you may have followed my methods and still cannot succeed. Here are some of the problems and solutions I have encountered:
After you cannot establish a VPN connection and set pptpd, the client still cannot establish a connection to the server. The possible causes are as follows: 1. server-side firewall settings: the PPTP service must use the 1723 (tcp) port and gre protocol. Therefore, make sure that your firewall settings allow both of them to pass through. 2. If the server is behind the vro, make sure that the corresponding settings and port forwarding are completed on the vro. 3. If the server is behind the router, make sure that your server supports VPN Passthrough. 4. If the client is behind the vrorough, The vro used by the client must also support VPN Passthrough. In fact, a slightly better vro on the market supports VPN Passthrough. Of course, it is not ruled out that the cheapest and cheapest goods are indeed not supported. Of course, if your vro can be flushed to DD-Wrt, it will be flushed. DD-Wrt is supported.
You can create a link, but "almost" cannot access the Internet www.2cto.com. Here I use the word "almost" because it is not completely inaccessible to the Internet. The problem is that it is okay to open Google search, but other websites cannot open it. SSH is available, but scp is not; ftp can shake hands, but files cannot be transferred. I encountered this kind of problem. After careful Google, I found that it was a problem with MTU. I tested it with ping and it turned out that the package was too large. You can solve the problem by using iptables. I will not talk about the specific principles. I need to Google myself. Here we only talk about the solution. Add the following rule to the filter table: sudo iptables-a forward-s 10.100.0.0/24-p tcp-m tcp -- tcp-flags SYN, rst syn-j TCPMSS -- set-mss 1200 the 1200 in the above rule can be modified according to your actual situation. To ensure the best network performance, this value should be continuously modified, the maximum value in normal network usage. Now, a single network adapter pptp-server is complete.